MSP Templates for a Best Practices Cybersecurity Assessment

If you have not heard about cybersecurity online, in print, or on the news in the last 10 years, exactly how safe are your customers? Cybersecurity has become a serious topic for businesses and consumers. And unfortunately, cyber threats are set aside in favor of other initiatives and become a bigger problem in the long run.

Creating an initial and ongoing cybersecurity plan requires effort. Best practices are chosen, an assessment is performed, recommendations and a gap analysis determine the resolution, a project is implemented, and then the cycle repeats. It is like a Technology Alignment Manager (TAM) onsite assessment with an emphasis on securing Personally Identifiable Information (PII) from malicious threats.

To maintain the security of a customer—and their customers—there are three areas to understand: Threats, Exploits, and Vulnerabilities.

  • A Threat is a person or thing likely to cause damage or danger intentionally or unintentionally. Understanding who, what, and where threats originate assists in reducing the risk of a breach.
  • An Exploit is a method of circumventing or taking advantage of a bug to cause unintended behavior to occur. These are often discovered and used by threats to gain access to software and systems.
  • A Vulnerability is a bug or defect that presents a weakness and exposes a system to a threat. These allow unauthorized actions to execute within a system to access confidential information.

The three areas are summed up in a simple sentence: Threats use Exploits to attack Vulnerabilities. Cybersecurity requires detailed attention to all three areas to protect clients. Focusing on one area temporarily relieves risk and is not a permanent solution. Every customer needs a cybersecurity assessment regardless of their industry. Protecting company data is critical and executing the minimum requirements is the least a Technology Success Practice (TSP) can do for its customers.

As of this writing, there are a few templates in our myITprocess software that are available to assist with a company-wide cybersecurity assessment.

  • NIST Cybersecurity Framework (CSF) 1.1
  • NIST 800-171
  • CIS Controls 7.1
  • UK Cyber Essentials

There are many templates available within myITprocess, but this set has particular advantages over others for a general cybersecurity assessment.

  • They are easy to interpret. Many regulations and statutory requirements come directly from the law. It takes a bit of translation to make them understandable for a TAM, vCIO, and the customer.
  • They are industry- and technology-neutral best practices. No specific hardware, software, or service comes recommended by name. This is due to the varying risks different businesses face in their industry.
  • In comparison, they are easy to deploy and maintain. Each of the templates has minimum requirements with maximum effectiveness. Allowing a TAM to maximize their assessment with fewer questions makes a recurring audit workable.

Because these templates are not tied to one industry, they are usable for almost any customer. But take that statement lightly; customers subject to industry-specific regulations must follow their own set of rules. For instance, a government contractor must follow NIST 800-171, and performing a CIS Controls 7.1 assessment in its place is not advisable.

There is a lot of flexibility for Technology Service Providers to mix and match questions and categories to fulfill a clear-cut need. Vendor- and technology-neutral guidelines contribute to customized assessments by focusing on risk mitigation and not which brand to use.
